最近豆子公司在轉移文件服務器,大概有80T的文件需要傳送到雲端。豆子直接使用了robocopy進行拷貝。因爲歷史原因,有些文件夾的權限設置比較奇葩,導致豆子的賬戶也沒有權限去訪問,這樣的結果就是Robocopy裏面可能會有幾十百甚至上千個文件夾因爲權限問題而無法拷貝。
robocopy 命令例子
robocopy c:\source d:\destination /E /w:30 /r:3 /log+:"c:\temp\log.txt" /xf .*
那麼如果解決這個問題呢?豆子的思路是獲取robocopy的日誌文件,通過正則提取其中失敗的路徑,然後通過腳本重新奪取管理員權限,然後重新賦予NTFS的權限。
比如說,下面的robocopy 日誌,報錯信息如下所示
New Dir 0\\syd02\Track\.TemporaryItems\folders.1138144168\Cleanup At Startup\.BAH.FftCc\ 2017/11/12 08:58:18 ERROR 5 (0x00000005) Scanning Source Directory \\syd02\Track\.TemporaryItems\folders.1138144168\Cleanup At Startup\.BAH.FftCc\Altitude Business Card Visuals\ Access is denied. Waiting 180 seconds... Retrying... 2017/11/12 09:01:18 ERROR 5 (0x00000005) Scanning Source Directory \\syd02\Track\.TemporaryItems\folders.1138144168\Cleanup At Startup\.BAH.FftCc\Altitude Business Card Visuals\ Access is denied. ERROR: RETRY LIMIT EXCEEDED.
提取路徑的PowerShell腳本如下:
#Read robocopy log files
$contents=gc C:\temp\tracktransfer.txt -raw
#Regular Expression Pattern
$patt='(\\\\syd02.*\n)Access is denied'
$result=@()
#Distract the path of broken folders
$contents | select-string -Pattern $patt -AllMatches |
foreach {
$result+=$_.matches.groups | Where-Object {$_.name -eq 1}| select -ExpandProperty value
}
#remove duplicated record and blank lines
$result |sort -Unique | foreach {$_.trimend()} | where{$_ -ne ""} | set-content c:\temp\list.txt生成的文本文件如下所示:
list.txt
\\syd02\Track\CLIENTS\WESTPAC\Westpac Cards\1_Acquisition\FY 17\Q1 Campaigns\WBCCAR7498 Q1.1 Campaign\PRODUCTION\ \\syd02\Track\.TemporaryItems\folders.1138144168\Cleanup At Startup\.BAH.FftCc\Altitude Business Card Visuals\ \\syd02\Track\CLIENTS\WESTPAC\Westpac Cards\1_Acquisition\FY 17\Q1 Campaigns\WBCCAR7487 Q1 OOH - Low Rate\CREATIVE\ \\syd02\Track\.TemporaryItems\folders.1138144168\Cleanup At Startup\.BAH.cj82c\Westpac Brand assets\ \\syd02\Track\CLIENTS\WESTPAC\Westpac Cards\2_Lifecycle\WBCCAR7602 Additional Cardholder\COPY\ \\syd02\Track\CLIENTS\WESTPAC\Westpac Cards\2_Lifecycle\WBCCAR7602 Additional Cardholder\PRODUCTION\ \\syd02\Track\CLIENTS\WESTPAC\Westpac CRM\Business\3. COMPLETE\2016\WBCCRM7595_Q4 SME Relationship email\CREATIVE\FINAL\Individual modules\Modules Half Width\ \\syd02\Track\CLIENTS\WESTPAC\Westpac Cards\1_Acquisition\FY 17\Q2 Campaigns\WBCCAR7516 Microsite Optimisation\FINANCE\ \\syd02\Track\CLIENTS\WESTPAC\Westpac Cards\1_Acquisition\FY 17\Q1 Campaigns\WBCCAR7487 Q1 OOH - Low Rate\FINANCE\
因爲最近在複習Python,順手又用Python寫了一個同樣的功能,效果是一樣的
fp=open('c:/temp/tracktransfer.txt')
fp2=open('c:/temp/list.txt','w')
contents=fp.read()
pat=r'(\\\\syd02.*\n)Access is denied'
ret=re.findall(pat,contents)
ret=set(ret)
for item in ret:
print(item)
fp2.write(item)
print("total number is %d"%len(ret))
fp.close()
fp2.close()-----------------------
然後接下來是重頭戲,如何重新奪取權限和賦值?
PowerShell自帶的Get-ACL和Set-ACL命令,以及DOS命令 takeown我都試過,老實說,不太好使,後來很幸運地在網上發現了一個第三方的模塊 NTFSSecurity,裏面的函數完全實現了我需要的功能。
下載地址:
https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85#content
下載之後,直接解壓到對應的Powershell模塊路徑,然後重啓PowerShell ISE就可以自動加載了。
下面是後半截代碼,修改目標目錄及其子目錄文件的所有者和訪問權限
$a = Get-Content "C:\temp\list.txt"
#For each folder and subfolders, setup the ownership and NTFS permissions
foreach ($i in $a)
{
if(test-path $i)
{
write-host Taking ownership of Directory $i -fore Green
get-item $i | Set-NTFSOwner -Account 'omnicom\group Australia it access'
get-item $i | add-ntfsaccess -account 'omnicom\group Australia it access' -Acce***ights FullControl
get-item $i | Add-NTFSAccess -Account 'omnicom\sydney track all staff' -Acce***ights modify
$items = @()
$items = $null
$path = $null
#if need to setup all subfolders, we can use -recusrse in the following cmdlet.
$items = get-childitem $i -force
foreach($item in $items)
{
$path = $item.FullName
Write-Host ...Adding AdminGroup to $path -Fore Green
Get-Item -force $path | Set-NTFSOwner -Account 'omnicom\group Australia it access'
get-item $item | Add-NTFSAccess -account 'omnicom\group Australia it access' -Acce***ights FullControl
get-item $item | Add-NTFSAccess -Account 'omnicom\sydney track all staff' -Acce***ights modify
}
}
}最後的效果是
這樣子,如果RoboCopy出了什麼權限方面的問題,我通過這個腳本就可以很容易的解決了,一次不行,修復之後再跑一次Robocopy很快就可以把丟失的文件拷貝回來了~